Nima sent this to me a while ago and I completely forgot to forward it on. Note the Google docs and the PDF at the bottom. Useful food for though for Tor Messenger, Tor Browser, and other user-facing stuff. ----- Forwarded message from Nima Fatemi <nima@xxxxxxxxxxxxxx> ----- Date: Fri, 24 Jul 2015 03:39:31 +0000 From: Nima Fatemi <nima@xxxxxxxxxxxxxx> To: Mike Perry <mikeperry@xxxxxxxxxxxxxx> Subject: UX Principles Hi Mike, sorry for late email. I was meaning to send you this sooner but I've had a big pile of email, I had to take care of. So the forwarded message below includes an attachment, which is the Yee's principles and then there's another paper that linda has mentioned, which is worth reading I think. Here's that talk from Google Chrome's Elisabeth Morant that I mentioned to you: https://news.yahoo.com/video/yahoo-trust-unconference-security-ux-161037378.html Here are the slides: (the good stuff start from page 12) https://docs.google.com/presentation/d/1i2Pwennj8PcsigACPA1oLpRNLd7BVC0oilsgKzAx2sY/edit?pli=1#slide=id.g999beac96_0_0 And here are my notes from the talk + my thoughts added to them: - 1st principle: Don't annoy users, even with updates. - People (even infosec ppl) ignore updates - users are often worried that updates would change the interface, it took them time and energy to get used to current things, they dont want it to change (even if it's a good change) - Enable auto-update by default with an option to opt out - Give devs and users tools to time permission requests - 2nd principle: allow mistakes!!! let them change their settings easily if they've changed their minds - settings windows doing similar thing should look similar and if they do the exact things, they should look identical. - make settings easy to discover - 3rd principle: combat jerks [malicious-HS_maybe?] - danger is hard to communicate - how to tell users about the danger they're facing - infrastructure for detecting and reacting to badness - how to do this in a decentralized way?! - karma! tie user engagement to resource allocation (maybe useful for HiddenServices?) (okay, right after writing this sentence, I started a conversation in #tor-project. see the backlog, you might find it interesting) - crowd consent Let me know if I can be of any help. Bests, -- Nima -------- Forwarded Message -------- Subject: Yee's principles Date: Wed, 1 Jul 2015 05:51:05 -0700 From: Linda Naeun Lee <lnl@xxxxxxxxxxxx> To: Tor Project <nima@xxxxxxxxxxxxxx> Nima: Here are notes. And another paper. http://zesty.ca/pubs/yee-sid-ieeesp2004.pdf -- Linda Naeun Lee Graduate Student Researcher Department of Computer Science University of California, Berkeley ----- End forwarded message ----- -- Mike Perry
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev